secshy_resport
secshy Technology Community This is the re...
From points to payouts: The evolution of the Microsoft security researcher leaderboard
The global security research community plays a critical role in helping Microsoft protect customers. Through their deep technical expertise, coordinated disclosure, and collaboration, researchers help identify and remediate vulnerabilities, and shape how our security programs evolve. Many of the...
Zero Day Quest: Join the largest hacking event with up to $5 million in total bounty awards
Last year, we announced the largest hacking event in history: Zero Day Quest, with up to $4 million in bounty awards. The response from the global security community was incredible and helped improve security for our customers and partners. This year, Zero Day Quest is back with even more potenti...
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 23, 2025 to June 29, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
Impact Summary: A vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. This could lead to excessive resource consumption and denial of service...
GHSA-P2Q6-PWH5-M6JR Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
Impact Summary: A vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. This could lead to excessive resource consumption and denial of service...
Linux Distros Unpatched Vulnerability : CVE-2019-16229
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE...
CVE-2025-1369
creationtimestamp | type | source
---|---|---
2025-02-17 01:58:12+00:00 | seen | https://infosec.exchange/users/cve/statuses/114016746964992086
2025-02-17 02:15:58+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lidohhazjf23
2025-02-17 03:59:59+00:00 | seen | ...
UK Is Ordering Apple to Break Its Own Encryption
The Washington Post is reporting that the UK government has served Apple with a "technical capability notice" as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This is a big deal, and...
CVE-2024-13176
creationtimestamp | type | source
---|---|---
2025-01-20 13:36:30+00:00 | seen | https://infosec.exchange/users/cve/statuses/113860948101305997
2025-01-20 13:59:24+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/2360
2025-01-20 14:15:52+00:00 | seen | ...
CVE-2024-56744
creationtimestamp | type | source
---|---|---
2024-12-29 12:16:02+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3legyogm3zn22
2024-12-29 12:40:09+00:00 | seen | https://infosec.exchange/users/cve/statuses/113736155699380786
2024-12-29 14:02:26+00:00 | seen | ...
CVE-2024-10678
creationtimestamp | type | source
---|---|---
2024-12-13 06:10:00+00:00 | seen | https://infosec.exchange/users/cve/statuses/113644024652935047
2024-12-13 08:14:34+00:00 | seen | https://t.me/cvedetector/12837...
CVE-2024-8256
creationtimestamp | type | source
---|---|---
2024-12-10 09:03:21+00:00 | seen | https://infosec.exchange/users/cve/statuses/113627719314985079
2024-12-10 10:47:04+00:00 | seen | https://t.me/cvedetector/12486...
CVE-2024-51210
creationtimestamp | type | source
---|---|---
2024-12-04 20:58:30+00:00 | seen | https://infosec.exchange/users/cve/statuses/113596557521340095
2024-12-04 23:27:37+00:00 | seen | https://t.me/cvedetector/12035...
Rogue AI: What the Security Community is Missing
This is the fourth blog post in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights...
CVE-2024-5535
creationtimestamp | type | source
---|---|---
2024-08-02 17:50:05+00:00 | seen | https://t.me/truesecator/6054
2024-09-04 23:20:00+00:00 | seen | https://security.paloaltonetworks.com/CVE-2024-5535
2024-11-12 18:26:35+00:00 | seen | ...
How to Use Tines's SOC Automation Capability Matrix
Created by John Tuckner and the team at automation and AI-powered workflow platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents. A...
Enter the substitute teacher
Welcome to this week's threat source newsletter with Jon out, you've got me as your substitute teacher. I'm taking you back to those halcyon days of youth and that moment when you found out that you had a sub that day, will I be the teacher that just rolls in the TV cart and delivers the single...
Canada revisits decision to ban Flipper Zero
In February 2024 the Canadian government announced plans to ban the sale of the Flipper Zero, mainly because of its reported use to steal cars. The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems. If that doesn't...
Nim Backdoor Masquerades as Nepal Government Security
Summary: Attackers employed malicious Microsoft Word documents disguised as official communications from the Nepali government. These documents aimed to trick victims into downloading and executing a backdoor program written in the Nim programming language. As Nim is an uncommon language, it pose...